|
|
BugTraq
Need help. Proof of concept 100% security. Aug 18 2003 03:24PM Balwinder Singh (balwinder gmx net) (5 replies) Re: Need help. Proof of concept 100% security. Aug 15 2003 10:01PM Alaric B Snell (alaric alaric-snell com) (1 replies) Re: Need help. Proof of concept 100% security. Aug 18 2003 04:18PM Anil Madhavapeddy (anil recoil org) (1 replies) Re: Need help. Proof of concept 100% security. Aug 20 2003 05:31PM ari (edelkind-bugtraq episec com) Re: Need help. Proof of concept 100% security. Aug 15 2003 07:56PM Crispin Cowan (crispin immunix com) Re: Need help. Proof of concept 100% security. Aug 15 2003 07:14PM Clifton Royston (cliftonr lava net) (1 replies) Re: Need help. Proof of concept 100% security. Aug 20 2003 08:04PM Balwinder Singh (balwinder gmx net) (1 replies) Re: Need help. Proof of concept 100% security. Aug 19 2003 01:16AM Kyle Roger Hofmann (krhofman umich edu) Re: Need help. Proof of concept 100% security. Aug 15 2003 05:48PM Nicholas Weaver (nweaver CS berkeley edu) |
|
Privacy Statement |
> objective. Now idea is to watch syscalls that a program is supposed to
> make during its run time. A database which describes the syscalls that a
> program can make is called behavior model of the program. Lets assume we
> can generate a behavior model which perfectly describes an application.
> Now any deviation from behavior model of program essentially indicates
> an intrusion at real time. Thus a corrective action can be taken.
Nothing new under the sun:
http://imsafe.sourceforge.net/inside.htm
ftp://ftp.cs.unm.edu/pub/forrest/uss-2000.ps
And even published research:
http://citeseer.ist.psu.edu/13864.html
http://citeseer.nj.nec.com/445166.html
There are conspicuous citations in the two papers above. As for the mimicry
attacks against this concept, an URL has already been posted
Cordialmente,
Stefano Zanero
[ reply ]